e8b900c722
todo.md: add media looping controls
2024-06-01 13:37:51 +00:00
36f4fa3018
checkSandboxed: fix so that cross-built scripts can be checked again
...
how did this work earlier? does lappy have binfmt enabled??
2024-06-01 13:24:41 +00:00
d8d11de9bc
sftpgo: replace deprecated "crypt" with "passlib"
2024-06-01 13:01:19 +00:00
07194d062a
servo: nfs: disable
2024-06-01 12:45:10 +00:00
24c49df75f
health-check: add a check that ftp://uninsane.org is operational
2024-06-01 12:42:53 +00:00
9f7e143d5e
todo.md: add some kernel work to be done
2024-06-01 12:38:28 +00:00
0a382ae8a3
todo.md: remove completed "landlock sandboxer prints garbage" item
2024-06-01 12:35:46 +00:00
96f177ceb2
docs: overlays/cross: slightly tidy up the "outstanding issues" part
2024-06-01 12:24:00 +00:00
2aa3fa35b8
nixpkgs: 2024-05-31 -> 2024-06-01; nixpkgs-wayland -> 2024-05-31
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/8a0a33b56d6279fec4827da602882561ef00f2fb' (2024-05-31)
→ 'github:nixos/nixpkgs/f7de25c01e4c073c06e0525226a0c2311d530cee' (2024-06-01)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/7ccd1516effbc5510391d3b498a7a3bef92a090b' (2024-05-31)
→ 'github:nixos/nixpkgs/61c1d282153dbfcb5fe413c228d172d0fe7c2a7e' (2024-06-01)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/1db9b79a45c8e346e03480767e6d9749fabfaf10' (2024-05-31)
→ 'github:nix-community/nixpkgs-wayland/93b225ddba91179248b378913a91defbc6aeb899' (2024-05-31)
```
2024-06-01 12:20:45 +00:00
8657cf1fcf
ship ausyscall
binary
2024-06-01 12:17:08 +00:00
f875db916d
sandboxing: fix checkSandboxed
to handle packages with multiple outputs
2024-06-01 12:12:46 +00:00
e3e86a43a9
brightnessctl: disable unused dbus access
2024-06-01 12:09:51 +00:00
05986d363d
brightnessctl: fix udev rules so i can run it again
2024-06-01 12:02:24 +00:00
539d9e45a2
networkmanager/modemmanager: ship separate packages for the daemon and CLI tools
...
they require fundamentally different sandboxing approaches. the daemon *can't* always use bwrap if it wants to run as non-root. meanwhile the CLI tools would mostly *prefer* to run under bwrap.
in the long term i'll maybe upstream the systemd sandboxing into nixpkgs, where there looks to be desire for it
2024-05-31 23:26:16 +00:00
a380bd04c4
trivial-builders: init deepLinkIntoOwnPackage
2024-05-31 23:26:16 +00:00
f296d8df93
make-sandboxed: fix multi-output packages and sandbox *all* their outputs
...
this mostly applies to the wrapperType = 'inplace' users
2024-05-31 23:26:16 +00:00
326bf045b0
networkmanager/wpa_supplicant: switch user back to "networkmanager"
...
root gives too much power, even with bwrap/namespaces
2024-05-31 23:26:16 +00:00
a1181a10ea
networkmanager: install parallel dbus .conf files to allow the services to be run as *either* networkmanager or root user (hopefully!)
2024-05-31 23:26:16 +00:00
9bb6a903bb
wpa_supplicant: get it to run under bwrap
2024-05-31 23:26:16 +00:00
214f963d89
networkmanager: run all services as root instead of networkmanager user
...
i believe this may allow using bwrap instead of landlock
2024-05-31 23:26:16 +00:00
c7eb4b66a5
polyunfill: remove unused su
and sg
security wrappers
2024-05-31 14:59:23 +00:00
452543e6f3
fix rescue
host build
2024-05-31 10:37:03 +00:00
d692ac9851
overlays/cross: remove broken cdrtools fix (that project is INSANE)
2024-05-31 09:40:44 +00:00
5cba283859
overlays/cross: update upstreaming status
...
my part of the gnome2.GConf fix was actually upstreamed a year ago; the package fails for a different reason
2024-05-31 09:04:16 +00:00
7a701f92eb
nixpkgs: bump
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/d3d81af60c22e9e93a3930a9630b210362341ab9' (2024-05-31)
→ 'github:nixos/nixpkgs/8a0a33b56d6279fec4827da602882561ef00f2fb' (2024-05-31)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/4e60a4d94bdc1abafeefc1928aa3cda6ce6c4210' (2024-05-31)
→ 'github:nixos/nixpkgs/7ccd1516effbc5510391d3b498a7a3bef92a090b' (2024-05-31)
```
2024-05-31 08:44:53 +00:00
3c3a32e436
nixpatches: grab libphonenumber cross patch from PR
2024-05-31 08:43:27 +00:00
07aec3ca3c
apps: explain why i ship both engrampa and xarchiver archive managers
2024-05-31 08:39:23 +00:00
58d5f11c7a
overlays/cross: disable patches which im not actively using
2024-05-31 08:21:23 +00:00
ed2d4ef488
overlays/cross: update upstreaming status
2024-05-31 08:02:25 +00:00
e8f8866032
overlays/cross: remove old emulated
package set and buildInQemu
, etc
2024-05-31 06:59:32 +00:00
a2dfd8f08e
libphonenumber: use a better patch for cross (CMAKE_CROSSCOMPILING_EMULATOR)
2024-05-31 06:27:10 +00:00
c7fd3d2217
nixpkgs: 2024-05-26 -> 2024-05-31, nixpkgs-wayland -> 2024-05-31
...
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/2baa940f86e1fc54757fd7d1ed551c0a38904bf2' (2024-05-26)
→ 'github:nixos/nixpkgs/d3d81af60c22e9e93a3930a9630b210362341ab9' (2024-05-31)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/7780e5160e011b39019797a4c4b1a4babc80d1bf' (2024-05-26)
→ 'github:nixos/nixpkgs/4e60a4d94bdc1abafeefc1928aa3cda6ce6c4210' (2024-05-31)
• Updated input 'nixpkgs-wayland':
'github:nix-community/nixpkgs-wayland/397c85d463aef789a8dd24c4db467e9ad787907b' (2024-05-26)
→ 'github:nix-community/nixpkgs-wayland/1db9b79a45c8e346e03480767e6d9749fabfaf10' (2024-05-31)
```
2024-05-31 06:09:03 +00:00
0fcc3f8d5d
ModemManager: make the sandbox more strict
2024-05-30 21:32:35 +00:00
0bb887158b
implement a dropbear SSH module
2024-05-30 20:58:01 +00:00
6570c5ed84
modemmanager: sandbox with bwrap instead of landlock
2024-05-30 18:47:09 +00:00
820fdecfd5
modemmanager: minimal (working) sandbox
2024-05-30 18:27:34 +00:00
8d43565f31
sane-theme: disable sandbox
2024-05-30 16:54:10 +00:00
18364761dd
wireplumber: undo the enableSystemd=false patch
2024-05-30 16:50:53 +00:00
d3937487e6
moby: cleanup bonsai <-> sway circular dependency (slightly)
2024-05-30 12:43:09 +00:00
3fdeacc336
sane-input-handler: add a --help command
2024-05-30 12:30:41 +00:00
847414ac1f
health-check: add a test that git is online
2024-05-30 12:18:57 +00:00
84f2006115
servo: fix gitea
2024-05-30 12:12:06 +00:00
7f5e12da8d
dbus: dont consider the service "up" until the unix pipe actually appears
2024-05-30 11:04:02 +00:00
afa8a3c52e
activationScripts.notifyActive: future-proof for if ever DBUS_SESSION_BUS_ADDRESS changes
2024-05-30 11:03:35 +00:00
bfbcb4789b
activationScripts.notifyActive: fix forrenamed XDG_RUNTIME_DIR
2024-05-30 10:56:17 +00:00
2531cc1cf6
bonsai: place the socket in a subdirectory to improve sandboxing
2024-05-30 09:54:28 +00:00
e55b75c333
wireplumber: build without systemd
2024-05-30 09:46:29 +00:00
adb54657d4
sway: fix bonsai to be visible in the sandbox
2024-05-30 09:46:04 +00:00
6eefb9ce20
wireplumber: build against the same pipewire i deploy
2024-05-30 09:06:41 +00:00
2233622bb7
landlock-sandboxer: remove startup messages for 6.9
2024-05-30 08:55:13 +00:00